1. Field of the Invention
This invention pertains in general to computer security and in particular to the detection of malicious software downloads.
2. Description of the Related Art
There is a wide variety of malicious software (malware) that can attack modern computers. Malware threats include computer viruses, worms, Trojan horse programs, spyware, adware, and crimeware. Modern malware is often designed to provide financial gain to the attacker. For example, malware can surreptitiously capture important information such as logins, passwords, bank account identifiers, and credit card numbers. Similarly, malware can provide hidden interfaces that allow the attacker to access and control the compromised computer.
Attackers often camouflage malware by making the malware appear to be legitimate. For example, malware attackers offer fake antivirus software applications at their websites. Unsuspecting users are tricked into downloading and executing the fake antivirus software, and then the malware contained therein gains control of the user's computer and attempts to perform malicious actions.
Security software can prevent malware infections by blocking downloads from websites hosted at known malicious domains. However, malware attackers defeat these security measures by frequently changing the domains from which the malware is distributed. For example, a malware attacker may change domains once per hour. Such frequent domain changes make traditional domain-based blocking of malware downloads nearly impossible because legitimate security software vendors cannot keep up with the changes. There is thus an ongoing need for ways to keep users from downloading malware from malicious websites.